Open ioerror opened 11 years ago
dolanjs:
Thanks for the input. NTP and keeping secure time were issues we were concerned about. Do you also have a Puppet module for tlsdate?
I don't have a Puppet module; I'd gladly integrate one into the tlsdate git repo. Just apt-get install tlsdate and it will run tlsdated, which in turn runs tlsdate to keep the time in sync.
I wrote https://www.github.com/ioerror/tlsdate for systems where we wished to have relatively accurate (~1sec) clocks and, as a simple trade-off, we receive authenticated time. I suggest that rather than using ntp, you use tlsdate and use it over Tor. This should reduce the direct attack surface as it is written in a privilege-separated manner. It will rarely touch the local network in an unprotected manner.